feat(security): implement metadata redaction and sops-nix migration

Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced a centralized secrets module with placeholder fallbacks.
Tibo De Peuter 2026-03-17 18:25:37 +01:00
parent 8fb651fd60
commit 17c5d0ee48
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
12 changed files with 68 additions and 23 deletions


@ -3,6 +3,7 @@
{
config = {
homelab = {
networking.hostIp = "192.168.0.91";
apps = {
bind9.enable = true;
homepage = {
@ -13,6 +14,7 @@
plex.enable = true;
};
virtualisation.guest.enable = true;
users.deploy.enable = true;
};
networking = {
@ -36,7 +38,7 @@
interfaces.ens18 = {
ipv4.addresses = [
{
address = "192.168.0.91";
address = config.homelab.networking.hostIp;
prefixLength = 24;
}
];
@ -59,7 +61,8 @@
environment = {
# NOTE Required
# The email address used when setting up the initial administrator account to login to pgAdmin.
PGADMIN_DEFAULT_EMAIL = "kmtl.hugo+pgadmin@gmail.com";
# TODO Hugo: Populate 'pgadmin_email' in sops.
PGADMIN_DEFAULT_EMAIL = config.sops.placeholder.pgadmin_email or "pgadmin-admin@example.com";
# NOTE Required
# The password used when setting up the initial administrator account to login to pgAdmin.
PGADMIN_DEFAULT_PASSWORD = "ChangeMe";
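Review bot: The added `PGADMIN_DEFAULT_EMAIL = config.sops.placeholder.pgadmin_email or "pgadmin-admin@example.com";` assigns a sops-nix placeholder token, not the decrypted value; placeholders are only substituted when the surrounding text is rendered through `sops.templates`, so unless this `environment` attrset is fed through such a template (not visible in this hunk), pgAdmin would be started with the literal placeholder string as its admin email. The `or` fallback also hides the case where the secret was never declared, which would make a silent switch to the example address rather than a build error, so consider dropping the fallback once `pgadmin_email` exists in sops. The unchanged context line `PGADMIN_DEFAULT_PASSWORD = "ChangeMe";` leaves a hard-coded default credential in the same block that this commit is meant to clean up; it belongs in the same migration. This hunk appears to belong to a different file than the preceding ones, and its file header is not visible in this view.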